In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2018-07-30T15:00:00Z

Updated: 2024-09-16T17:14:32.440Z

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9066

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-30T16:29:00.423

Modified: 2024-11-21T04:14:54.170

Link: CVE-2018-9066

cve-icon Redhat

No data.